A Survey of Various Frameworks and Solutions in all Branches of Digital Forensics with a Focus on Cloud Forensics

Digital forensics is a branch of forensic science concerned with the use of digital information produced, stored and transmitted by various digital devices as a source of evidence in investigations and legal proceedings. Digital forensics can be divided into several classes, such as computer forensics, network forensics, mobile forensics, cloud computing forensics, and IoT forensics. In recent years, cloud computing has emerged as a popular computing model in various areas of human life. However, cloud computing systems lack support for computer forensic investigations. The main goal of digital forensics is to prove the presence of a particular document in a given digital device. This paper presents a comprehensive survey of various frameworks and solutions in all classes of digital forensics with a focus on cloud forensics. We start by discussing the different forensics classes, their frameworks, limitations and solutions. Then we focus on the methodological aspects and existing challenges of cloud forensics. Moreover, a detailed comparison discusses the drawbacks, differences and similarities of several suggested cloud computing frameworks and provides future research directions.

Keywords—Digital forensics; cloud forensics; investigation process; IoT forensics; examination stage; evidence
